<?

//Initiate Authenticate
// Authentication gate: must run before anything is read or rendered.
SecurityRedirect();

//initiate Vars: page identity and the table this form edits
define("PRIMARY_KEY", "user_id");
$FileName       = "ais_tools_userman.php";
$FileTemplate   = "ais_tools_userman_form.html";
$SubHeaderTitle = "User Management";
$TableName      = $DBGeneral . ".tbluser";
$HTMLFormName   = "UserForm";

//Form attributes: post back to this page, tagging the request with
//form=UserForm so the dispatcher below knows the submission is ours.
$FormEncType   = "application/x-www-form-urlencoded";
$FormAction    = $FileName . "?" . AddParam(GetQueryString("QueryString", ""), "form", $HTMLFormName);

//Initiate Database Table For Insert & Update: register every form field
//with the DB layer, taking its value from the request.
$FormFields    = array("user_id", "user", "password", "nik", "group_id", "staff_id", "user_type");
buildsqlfield($TableName, $FormFields);

//Leave Here Untouch: per-field HTML name / value maps merged into the template.
$FormCName     = BuildHTMLField($FormFields, "name");
$FormCValue    = BuildHTMLField($FormFields, "value");

//************ FORM ACTION **************
// Only act on submissions tagged with our form name. Every handler redirects
// and exits, so at most one branch ever runs per request.
if (GetParam("form","") == $HTMLFormName) {
	switch (GetParam("Action","")) {
		case "Add":
			FormInsert();
			break;
		case "Update":
			$FormMode = "Edit";
			FormUpdate();
			break;
		case "Delete":
			$FormMode = "Edit";
			FormDelete();
			break;
		case "Cancel":
			$FormMode = "Edit";
			FormCancel();
			break;
	}
}

//Field Verification 
// Client-side verification: the listed fields are required, keyed by field
// name with the label shown to the user. $SessionVar tags this render.
$Verification  = "Enable";
// NOTE(review): md5(microtime()) is time-derived and therefore predictable;
// if this token must be unguessable (not merely unique per render) it needs a
// CSPRNG source — confirm what VerifyHTML/Init use it for.
$SessionVar    = md5(microtime());
$VerifyFields  = array("user"=>"User","password"=>"Password","group_id"=>"Group","staff_id"=>"Staff");
VerifyHTML($HTMLFormName, $VerifyFields, $SessionVar);

//************ SET FORM MODE ***************
// A primary key in the request means an existing user is being edited.
$FormMode = GetParam(PRIMARY_KEY,"") ? "Edit" : "Add";

// Loader hooked to the 'user' field; by its name it appears to check whether
// the typed user name already exists.
Init($SessionVar, CreateVerifyLoader($FileName, "iLoader", 'user', $HTMLFormName . ".user", $FormMode));
$InitFunction = "isExistuser()";


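//******* DATABASE FORM QUERY ***********
// Row displayed in the edit form.
// NOTE(review): the password column is stored reversibly (AES_ENCRYPT with
// $HashKey) and decrypted here so the form can redisplay it, and the key is
// spliced into the query text (so it reaches any query log). A one-way hash
// would be the usual choice for credentials, but changing it touches every
// login path.
$SQL  = "SELECT $DBGeneral.tbluser.user_id,user,AES_DECRYPT(password, \"$HashKey\") as password,$DBApp.tblusergroup.group_id, nik, $DBGeneral.tblstaff.staff_id, $DBGeneral.tbluser.user_type FROM $DBGeneral.tbluser ";
$SQL .= "LEFT JOIN $DBApp.tblusergroup ON $DBGeneral.tbluser.user_id=$DBApp.tblusergroup.user_id ";
$SQL .= "LEFT JOIN $DBApp.tblgroup ON $DBApp.tblusergroup.group_id=$DBApp.tblgroup.group_id ";
$SQL .= "LEFT JOIN $DBGeneral.tblstaff ON $DBGeneral.tblstaff.user_id=$DBGeneral.tbluser.user_id ";
// Edit mode: restrict to the requested row. The original wrote "$FormMode="Edit""
// (an assignment, always true, clobbering $FormMode); "==" is the intended test.
// user_id is numeric everywhere else in this file (max(user_id) in FormInsert,
// bare numeric compares in FormDelete), so cast the request value instead of
// splicing it raw into the WHERE clause.
if (GetParam(PRIMARY_KEY,"") && $FormMode == "Edit") {
    $SQLForm = $SQL." WHERE $DBGeneral.tbluser.user_id='".(int)GetParam(PRIMARY_KEY,"")."'";
}

//Select Group: option list for the group select
$SQLGroup = "SELECT * FROM $DBApp.tblgroup ORDER BY group_name";

//Select Staff: option list for the staff select (joined to tbluser so the
//template can tell which staff rows already have a login)
$SQLStaff = "SELECT $DBGeneral.tblstaff.* 
             FROM $DBGeneral.tblstaff 
             LEFT JOIN $DBGeneral.tbluser ON $DBGeneral.tblstaff.user_id=$DBGeneral.tbluser.user_id
						 ORDER BY nama";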


//******* SHOW FORM CONTENT *********
// Render the form through TinyButStrong.
$TBS = new clsTinyButStrong;
$TBS->LoadTemplate("$MOD_TEMPLATE_DIR/$FileTemplate");

//HTML Component Data: option lists for the group and staff selects
$TBS->MergeBlock("groupblk", $DBMysql, $SQLGroup);
$TBS->MergeBlock("staffblk", $DBMysql, $SQLStaff);

//HTML Value From Database: in edit mode the values come from $SQLForm,
//otherwise the form is pre-filled from the submitted request values.
// NOTE(review): this block uses TBS's "mysql" source while the two above pass
// $DBMysql explicitly — confirm both resolve to the same connection.
if (GetParam(PRIMARY_KEY,"")) {
	$TBS->MergeBlock("blv", "mysql", $SQLForm);
} else {
	$TBS->MergeBlock("blv", $FormCValue);
}

//HTML Component Name
$TBS->MergeBlock("bln", $FormCName);
$TBS->Show();


//*************** ACTION FUNCTION *******************
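/**
 * Handle Action=Add: create the login row (unless a user with that name
 * already exists), attach it to the chosen group and link it to the chosen
 * staff record, then redirect back to the list. Never returns.
 *
 * Request parameters read via GetParam: user, password, group_id, staff_id.
 * NOTE(review): GetParam appears to read plain request parameters and no
 * anti-CSRF token is checked before these writes — confirm against the
 * framework's form handling.
 * NOTE(review): the password is stored reversibly (AES_ENCRYPT with $HashKey)
 * so the edit form can redisplay it; a one-way hash would be the usual choice
 * for credentials, but changing that touches every login path.
 */
function FormInsert() {
	global $DBConnection,$FileName,$HashKey,$DBGeneral,$DBApp;

	// Request values are untrusted: quote them before splicing into SQL.
	// addslashes() is the portable minimum since no driver escape or prepared
	// statement API is visible in this file; prefer the DB layer's own escaping
	// when available (addslashes does not cover multibyte charset edge cases
	// or the NO_BACKSLASH_ESCAPES sql mode).
	$user     = addslashes(GetParam("user",""));
	$password = addslashes(GetParam("password",""));
	$group_id = addslashes(GetParam("group_id",""));
	$staff_id = addslashes(GetParam("staff_id",""));

	// Reuse an existing login with the same user name instead of creating a duplicate.
	$SQL = "SELECT user_id FROM $DBGeneral.tbluser WHERE user=\"$user\"";
	$user_id = (int)$DBConnection->dbc->get_var($SQL);
	if (!$user_id) {
		$SQL = "INSERT INTO $DBGeneral.tbluser (user,password,user_type,ktrasl) VALUES ('$user',AES_ENCRYPT('$password','$HashKey'),'STAFF','".GetOfficeID()."')";
		$DBConnection->dbc->query($SQL);
		// max(user_id) is not necessarily the row just inserted under concurrent
		// inserts; use the connection's last-insert-id if the DB wrapper exposes one.
		$SQL = "SELECT max(user_id) FROM $DBGeneral.tbluser";
		$user_id = (int)$DBConnection->dbc->get_var($SQL);
	}
	// Group membership and staff link are written even for a pre-existing login,
	// as in the original flow.
	$SQL = "INSERT INTO $DBApp.tblusergroup (user_id,group_id) VALUES ('$user_id','$group_id')";
	$DBConnection->dbc->query($SQL);
	$SQL = "UPDATE $DBGeneral.tblstaff SET user_id='$user_id' WHERE staff_id='$staff_id'";
	$DBConnection->dbc->query($SQL);
	header("Location: $FileName");
	exit;
}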

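/**
 * Handle Action=Update: rewrite the login row, its group membership and the
 * staff link for the user_id in the request, then redirect. Never returns.
 *
 * Request parameters read via GetParam: user_id, user, password, user_type,
 * group_id, staff_id. The staff link is moved in two steps: clear any staff
 * row currently pointing at this user, then point the selected staff row at it.
 * NOTE(review): GetParam appears to read plain request parameters and no
 * anti-CSRF token is checked before these writes — confirm against the
 * framework's form handling.
 */
function FormUpdate() {
	global $DBConnection, $FileName,$HashKey,$DBGeneral,$DBApp;

	// user_id is the numeric primary key (max(user_id) in FormInsert, bare
	// numeric compares in FormDelete), so cast it; quote the free-text values.
	// addslashes() is the portable minimum here; prefer the DB layer's escaping
	// or prepared statements when available.
	$user_id   = (int)GetParam("user_id","");
	$user      = addslashes(GetParam("user",""));
	$password  = addslashes(GetParam("password",""));
	$user_type = addslashes(GetParam("user_type",""));
	$group_id  = addslashes(GetParam("group_id",""));
	$staff_id  = addslashes(GetParam("staff_id",""));

	$SQL = "UPDATE $DBGeneral.tbluser SET user='$user',password=AES_ENCRYPT('$password','$HashKey'),user_type='$user_type' WHERE user_id='$user_id'";
	$DBConnection->dbc->query($SQL);
	$SQL = "UPDATE $DBApp.tblusergroup SET group_id= '$group_id' WHERE user_id='$user_id'";
	$DBConnection->dbc->query($SQL);
	// Detach whichever staff row is currently linked to this login ...
	$SQL = "UPDATE $DBGeneral.tblstaff SET user_id='' WHERE user_id='$user_id'";
	$DBConnection->dbc->query($SQL);
	// ... then attach the staff row selected in the form.
	$SQL = "UPDATE $DBGeneral.tblstaff SET user_id='$user_id' WHERE staff_id='$staff_id'";
	$DBConnection->dbc->query($SQL);
	header("Location: $FileName");
	exit;
}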

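/**
 * Handle Action=Delete: remove the login row and its group membership, and
 * detach the selected staff record, then redirect. Never returns.
 *
 * Request parameters read via GetParam: user_id, staff_id. Both are compared
 * as bare numbers in the SQL (as in the original), so they are cast to int;
 * a non-numeric or empty value previously produced a broken statement.
 * NOTE(review): GetParam appears to read plain request parameters and no
 * anti-CSRF token is checked before these deletes — confirm against the
 * framework's form handling.
 */
function FormDelete() {
	global $DBConnection,$FileName,$DBGeneral,$DBApp;
	$user_id  = (int)GetParam("user_id","");
	$staff_id = (int)GetParam("staff_id","");

	// An empty/non-numeric id casts to 0: skip the deletes rather than issuing
	// "user_id=0" (the original's malformed statement was also a no-op).
	if ($user_id > 0) {
		$SQL = "DELETE FROM $DBGeneral.tbluser WHERE $DBGeneral.tbluser.user_id=$user_id";
		$DBConnection->dbc->query($SQL);
		$SQL = "DELETE FROM $DBApp.tblusergroup WHERE $DBApp.tblusergroup.user_id=$user_id";
		$DBConnection->dbc->query($SQL);
	}
	// Only the staff row named in the form is unlinked; any other staff row
	// still pointing at this user_id is left as-is (original behaviour).
	if ($staff_id > 0) {
		$SQL = "UPDATE $DBGeneral.tblstaff SET user_id='' WHERE $DBGeneral.tblstaff.staff_id=$staff_id";
		$DBConnection->dbc->query($SQL);
	}
	header("Location: $FileName");
	exit;
}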

/**
 * Handle Action=Cancel: abandon the form and send the browser back to this
 * page's default view. Never returns.
 */
function FormCancel () {
	global $FileName;
	header('Location: ' . $FileName);
	exit;
}
//*************** USER FUNCTION *******************
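/**
 * Register each form field with the DB layer, taking its value from the
 * request, so the layer can build INSERT/UPDATE statements for $table.
 *
 * @param string $table        Fully qualified table name (e.g. "$DBGeneral.tbluser").
 * @param array  $arrayfield   Field names to register.
 * @param string $ExcludeField ";"-separated field names to skip (e.g. "a;b").
 */
function buildsqlfield ($table, $arrayfield, $ExcludeField="") {
	global $DBConnection;
	$x_field = explode(";", $ExcludeField);

	// foreach rather than a 0..count() index loop: works for any array shape
	// and does not re-count on every iteration.
	foreach ($arrayfield as $field) {
		// Field names are strings, so compare strictly; loose matching only
		// risks surprises with numeric-looking names.
		if (!in_array($field, $x_field, true)) {
			$DBConnection->add_htmlfield($table, $field, GetParam($field, ""));
		}
	}
}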


?>
